Feature Request
It would be great if config.yaml supported environment variable substitution for sensitive fields like API keys and tokens.
Current behavior:
API keys must be hardcoded directly in config.yaml, for example:
model:
api_key: hardcoded-key-here
platforms:
telegram:
token: hardcoded-token-hereRequested behavior:
Allow ${ENV_VAR} references so keys can be stored in ~/.hermes/.env instead:
model:
api_key: ${GOOGLE_API_KEY}
platforms:
telegram:
token: ${TELEGRAM_BOT_TOKEN}Why this matters:
- Users who back up their config to version control (GitHub, etc.) currently have no safe way to do so — the config must be excluded entirely or manually sanitized before every commit
- Keeping secrets out of config files is a standard security practice
- The
.env loading infrastructure already exists in hermes_cli/env_loader.py — the config loader just needs to resolve ${VAR} references after parsing
This would make it much easier to safely back up and share configs without risking credential exposure.
Feature Request
It would be great if
config.yamlsupported environment variable substitution for sensitive fields like API keys and tokens.Current behavior:
API keys must be hardcoded directly in
config.yaml, for example:Requested behavior:
Allow
${ENV_VAR}references so keys can be stored in~/.hermes/.envinstead:Why this matters:
.envloading infrastructure already exists inhermes_cli/env_loader.py— the config loader just needs to resolve${VAR}references after parsingThis would make it much easier to safely back up and share configs without risking credential exposure.